28 matches found

Positive Technologies
added 2 days ago · 7 views

PT-2026-46389

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

CVSS 4.3 · AI score 5.8 · EPSS 0.00036
Exploits 0 · References 2

CVE
added 2026/05/19 7:19 p.m. · 9 views

CVE-2026-27173

CVE-2026-27173 affects the Apache Airflow CNCF Kubernetes provider where JWT tokens used by workers in Kubernetes Executors can be exposed to users with read-only access to Kubernetes Pods. The issue arises from tokens being exposed in command-line arguments, potentially enabling read-only users ...

CVSS 8.7 · AI score 5.8 · EPSS 0.00013
Exploits 0 · References 3

Cvelist
added 2026/04/27 12:4 a.m. · 29 views

CVE-2026-33566

There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered...

CVSS 5.1 · EPSS 0.00038
Exploits 0 · References 2

Snyk
added 2026/04/14 11:38 p.m. · 4 views

Insufficient Session Expiration

Overview: pyload-ng is a free and open-source download manager written in pure Python. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the caching of user roles and permissions in the session at login, which are not refreshed after changes in the...

CVSS 8.8 · AI score 5.8 · EPSS 0.00043
Exploits 1 · References 2

Cvelist
added 2026/02/20 6:18 p.m. · 23 views

CVE-2019-25444 Fiverr Clone Script 1.2.2 SQL Injection via page Parameter

Fiverr Clone Script 1.2.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can supply malicious SQL syntax in the page parameter to extract sensitive database information or...

CVSS 9.1 · EPSS 0.00093
Exploits 1 · References 2

RedhatCVE
added 2026/01/09 10:57 a.m. · 6 views

CVE-2022-38772

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature...

CVSS 8.8 · AI score 7.6 · EPSS 0.39138
Exploits 0 · References 1

NVD
added 2025/12/12 7:15 a.m. · 3 views

CVE-2025-67737

AzuraCast is a self-hosted, all-in-one web radio management suite. Versions 0.23.1 mistakenly include an API endpoint that is intended for internal use by the SFTP software sftpgo, exposing it to the public-facing HTTP API for AzuraCast installations. A user with specific internal knowledge of a...

CVSS 3.7 · EPSS 0.00047
Exploits 1 · References 2

RedhatCVE
added 2025/11/19 12:20 p.m. · 4 views

CVE-2025-41348

SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker to recover, create, update and delete databases by sending a POST request using the parameters 'val1' and 'cont' in '/WinplusPortal/ws/sWinplus.svc/json/getacumperpost'...

CVSS 9.8 · AI score 8 · EPSS 0.00035
Exploits 0 · References 1

Positive Technologies
added 2025/11/18 12:0 a.m. · 3 views

PT-2025-47298

Name of the Vulnerable Software and Affected Versions: WinPlus version 24.11.27 Description: A SQL injection issue exists in WinPlus version 24.11.27. This allows an attacker to recover, create, update, and delete databases. The issue is triggered by sending a POST request to the...

CVSS 8.7 · AI score 7.6 · EPSS 0.00035
Exploits 0 · References 4

Positive Technologies
added 2025/11/06 12:0 a.m. · 2 views

PT-2025-45365

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of t...

CVSS 8.8 · AI score 7 · EPSS 0.0004
Exploits 0 · References 4

CNNVD
added 2025/10/27 12:0 a.m. · 2 views

enterprise Software eTimeTrackLite Web security vulnerability

enterprise Software eTimeTrackLite Web is an attendance and access control management system from enterprise Software India. A security vulnerability exists in enterprise Software eTimeTrackLite Web version 12.0 and prior versions, which stems from a privilege control flaw that could allow an...

CVSS 9.1 · AI score 6.4 · EPSS 0.00043
Exploits 1 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-28248

Malware in sbrugna...

CVSS 9.8 · AI score 9.2 · EPSS 0.0042
Exploits 0 · References 2

RedhatCVE
added 2025/08/30 6:17 p.m. · 2 views

CVE-2025-57819

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issu...

CVSS 10 · AI score 7.9 · EPSS 0.76952
Exploits 12 · References 1

OSV
added 2024/10/21 9:15 p.m. · 1 views

CVE-2024-30158

A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute...

CVSS 7.2 · AI score 6 · EPSS 0.00416
Exploits 0 · References 1

Github Security Blog
added 2024/04/22 3:52 p.m. · 14 views

Authelia's Group Changes may not have the expected results (YAML file backend)

Impact: Under very specific conditions, changes to a user's groups may not have the expected results. The specific conditions are: The file authentication backend is being used. The watch option is set to true. The refreshinterval is configured to a non-disabled value. The user's groups are adjusted ...

AI score 7.3
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/09/14 6:15 p.m. · 0 views

UBUNTU-CVE-2022-35946

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In affected versions request input is not properly validated in the plugin controller and can be used ...

CVSS 6.5 · AI score 7.3 · EPSS 0.0033
Exploits 0 · References 4

Positive Technologies
added 2022/09/14 12:0 a.m. · 4 views

PT-2022-7404 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.3 Description: The issue is related to improper validation of request input in the plugin controller, allowing access to the low-level API of the Plugin class. This can be exploited by an attacker to alter database...

CVSS 10 · AI score 6.3 · EPSS 0.94395
Exploits 39 · References 203

NVD
added 2022/08/29 9:15 p.m. · 10 views

CVE-2022-38772

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature...

CVSS 8.8 · EPSS 0.39138
Exploits 0 · References 2

CVE
added 2022/08/29 8:21 p.m. · 57 views

CVE-2022-38772

Summary: CVE-2022-38772 affects Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils. The issue is a command injection in the getNmapInitialOption function that allows authenticated users to perform database changes leading to re...

CVSS 8.8 · AI score 8.9 · EPSS 0.39138
Exploits 0 · References 2 · Affected Software 6

Cvelist
added 2022/08/29 8:21 p.m. · 13 views

CVE-2022-38772

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature...

AI score 9.1 · EPSS 0.39138
Exploits 0 · References 2